Create CVE-2021-42392.md

之乎者也 2023-04-07 10:58:06 +08:00 committed by GitHub
parent cae8a7e818
commit df26085e01
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

CVE-2021-42392.md Normal file

@ -0,0 +1,12 @@
## H2 Database Console login.do Code Execution Vulnerability (CVE-2021-42392)
| **Vulnerability** | **H2 Database Console login.do Code Execution Vulnerability (CVE-2021-42392)** |
| :----: | :-----|
| **Chinese name** | H2 Database 数据库 login.do 文件远程代码执行漏洞 (CVE-2021-42392) |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [body="login.jsp?jsessionid=" && body="Welcome to H2"](https://fofa.info/result?qbase64=Ym9keT0ibG9naW4uanNwP2pzZXNzaW9uaWQ9IiAmJiBib2R5PSJXZWxjb21lIHRvIEgyIg%3D%3D) |
| **Number of assets affected** | 488 |
| **Description** | H2 database is a Java memory database, which is mainly used for unit testing. There is an unauthorized remote code execution vulnerability in the H2 Database Web management page. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, and obtain server permissions, thereby controlling the entire web server. |
| **Impact** | Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/04/07/0a5df04ffd240ed7.gif)
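Review bot: The `Description` and `Impact` rows state nearly the same thing, and nothing in the file tells a defender which H2 versions are affected or how to remediate. Suggest keeping the impact sentence in one row only and adding rows for affected versions, the fixed release, and a link to the vendor advisory. Wording fixes in the table: `CVSS core` should be `CVSS score`, "Java memory database" reads better as "Java in-memory database", and "write to the back door" in `Description` should match the "write backdoors" phrasing used in `Impact`. The image on the last line has empty alt text and is loaded from a third-party host; a short alt text describing what it shows and a copy of the image stored in the repository would keep the entry readable if that host goes away.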